BugTraq Mode:
[ MDVSA-2015:001 ] c-icap 2015-01-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:001
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:002 ] pcre 2015-01-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:002
http://www.mandriva.com/en/support/security/
___________________________________________________________

Open-Xchange Security Advisory 2015-01-05 2015-01-05
Martin Heiland (martin heiland open-xchange com)
Product: Open-Xchange Server 6 / OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 35512 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.6.1 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version

[SECURITY] [DSA 3118-1] strongswan security update 2015-01-05
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3118-1 security (at) debian (dot) org
http://www.debian.org/security/ Yves-Alexis Perez
January 05, 2015

[ MDVSA-2015:003 ] ntp 2015-01-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:003
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:004 ] php 2015-01-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:004
http://www.mandriva.com/en/support/security/
___________________________________________________________

[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 2015-01-04
Pedro Ribeiro (pedrib gmail com)
Hi,

This is part 11 of the ManageOwnage series. For previous parts, see [1].

This time we have two remote code execution via file upload (and
directory traversal) on several ManageEngine products - Service Desk
Plus, Asset Explorer, Support Center and IT360.

The first vulnerability can only be ex

[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------------------
Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

http://www.symantec.com/web-gateway/

[-

[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
-----------------------------------------------------------------------------
Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

http://www.mantisbt.org/

[-] Affected Vers

[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
---------------------------------------------------------------------
Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability
---------------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and pro

[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
--------------------------------------------------------------
Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
--------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and probably prior versions.

[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------
Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
-------------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and probably

[SECURITY] [DSA 3117-1] php5 security update 2014-12-31
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3117-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 31, 2014

[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central 2014-12-31
Pedro Ribeiro (pedrib gmail com)
Hi,

This is part 10 of the ManageOwnage series. For previous parts, see [1].

This time we have a vulnerability that allows an unauthenticated user
to create an administrator account, which can then be used to execute
code on all devices managed by Desktop Central (desktops, servers,
mobile devices

Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook 2014-12-30
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in order to prevent the possible execution of a rogue program like
"C:\Program.exe" or "C:\Program Files\Microsoft.exe", on x64 also
"C:\Program Files.exe" or "C:\Program Files (x86)\Microsoft.exe",
due to the beginner's error of using unquoted pathnames containing
spaces (see <https://cwe.

ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability

EMC Identifier: ESA-2014-179

CVE Identifier: CVE-2014-4634

Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected

ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability

EMC Identifier: ESA-2014-158

CVE Identifier: CVE-2014-4630

Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products:

[SECURITY] [DSA 3116-1] polarssl security update 2014-12-30
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3116-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 30, 2014

Remote Code Execution via Unauthorised File upload in Cforms 14.7 2014-12-29
z fedotkin infosec ru
Advisory: Remote Code Execution via Unauthorised File upload in Cforms 14.7
Advisory ID: -
Author: Zakhar Fedotkin
Affected Software: Wordpress Plugin Cforms II 14.x-14.7 (Release: 12th Nov 2014)
Vendor URL: https://wordpress.org/plugins/cforms2/
Vendor Status: fixed
CVE-ID: -

===================

[SECURITY] [DSA 3115-1] pyyaml security update 2014-12-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3115-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 29, 2014

nullcon HackIM Challenge 9-11 Jan 2015 2014-12-29
nullcon (nullcon nullcon net)
Namaste Ninjas,

Seasons greetings!
We are back for 6th time in Goa. nullcon 666 welcomes you to the
beastly devilish conference.
As nullcon is getting near, we are excited and ready to announce the
registration for HackIM CTF. Details at http://ctf.nullcon.net This
time HackIM is powered by EMC and

[SECURITY] [DSA 3113-1] unzip security update 2014-12-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3113-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 28, 2014

[SECURITY] [DSA 3114-1] mime-support security update 2014-12-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3114-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 29, 2014

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1386

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239

CVE-ID:
=======
CVE-2014-2239

Release Date:
==

Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1377

Release Date:
=============
2014-12-25

Vulnerability Laboratory ID (VL-ID):
========================

PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1358

Release Date:
=============
2014-12-18

Vulnerability Laboratory ID (VL-ID):
================================

Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1363

Release Date:
=============
2014-12-16

Vulnerability Laboratory ID (VL-ID):
===================================

ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1387

Release Date:
=============
2014-12-24

Vulnerability Laboratory ID (VL-ID):
===========================

Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1385

Release Date:
=============
2014-12-19

Vulnerability Laboratory ID (VL-ID):
==============

Facebook Bug Bounty #17 - Migrate Privacy Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook Bug Bounty #17 - Migrate Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1370

Facebook Security ID: 216850649

Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articles/2014

Copyright 2010, SecurityFocus